Apple responds to SMS spoofing

Apple on Saturday responded to reports of a vulnerability to SMS spoofing that can be done to users of the company’s iPhone.

“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks,” an Apple representative told The Loop. “One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

There is a key point in what Apple told me. A lot has been written in the press about how the “iPhone” has this problem, but Apple isn’t alone.

The vulnerability is not with the iPhone, but rather with the SMS technology. The iPhone is not alone in being susceptible to this type of attack — all phones that use SMS can be tricked in the same way. That’s why the verification and security of using iMessage is so much better.

  • No

    yet another sensational headline by arstechnica for non issue to generate false controversy.

  • nitin

    screw the logic. having the name of an apple product in the title, generates more clicks. and thats all that is needed for most of these blogs!

  • Isn’t iMessage only available on the latest devices? (serious question)

    If so, are they doing anything to protect older devices?

    • iphone 3gs and up get iMessage…I think all ipads do too. and all Mountain Lion-supported Macs.

  • On that interface timeline they listed Windows 1.0 as 1982 before the Mac. Wrong! Everyone knows it was a very poor Mac knockoff that was released in ’85 in response to the Mac.

    • Dariush

      For 1982 they likely meant DOS

  • Null

    All devices are vulnerable to SMS spoofing. But is the same true for spoofing reply-to numbers?

  • Unkn.Trvlr.

    The best solution would be that Apple has the magnanimity of mind to offer a fix in iOS 6, even though it’s a fault of the SMS technology, and thus come out ahead in the long run.

  • Gadget37

    Apple has written an SMS client like an email client which replaces the From field with the Reply-To field and then deletes the original From field. This is the problem which causes the vulnerability. Other phones don’t seem to do that.